Competitive Audits
First Flights
Leaderboard
Docs
Toggle theme
Sign up
Log in
All First Flights
Rust Fund
Submissions
AI First Flight
Rust Fund
AI First Flight #9
Beginner Friendly
Rust
EXP
AI First Flight
EXP
Apr 3rd, 2026 → Apr 3rd, 2026
View repo
View results
10 / 10
Submissions
Severity
Validity
Tags
Author
#1
withdraw() transfers all raised funds without checking campaign deadline, enabling creator to drain before goal window closes
High
Valid
[H-01] No check for if camp...
virgilbb
#2
withdraw() has no goal check — creator can drain funds even when campaign falls short of target
High
Valid
[H-02] H-01. Creators Can W...
virgilbb
#3
contribute() never writes contribution.amount — every refund returns zero SOL to the contributor
High
Valid
[H-03] Permanent Loss of Co...
virgilbb
#4
refund() has no goal check — contributors can drain a fully funded campaign after the deadline
High
Valid
[H-04] Inadequate Refund Co...
virgilbb
#5
Missing `amount_raised` reset in `withdraw()` allows double-withdrawal that drains rent-exempt lamports
Medium
Valid
[M-01] Withdrawal doesn't r...
virgilbb
#6
Missing `dealine_set = true` assignment in `set_deadline()` allows creator to change deadline at any time
Medium
Valid
[M-02] The set_deadline fun...
virgilbb
#7
refund() decrements amount_raised permanently, allowing partial refunds to push a successful campaign below goal and lock the creator out of withdraw()
Medium
Valid
[M-03] Fund Creator Can't W...
virgilbb
#8
Short-circuit deadline check in `refund()` when `deadline == 0` allows contributors to drain active campaigns
Low
Valid
[L-01] Refund function allo...
virgilbb
#9
refund() and withdraw() use direct lamport manipulation instead of system_program::transfer, bypassing Solana runtime safety checks
Low
Valid
[L-03] Unsafe Direct Lampor...
virgilbb
#10
withdraw() and refund() do not close accounts — rent-exempt SOL is permanently locked after funds are transferred
Low
Valid
[L-04] Unclaimed rent from ...
virgilbb
Previous
1
Next
Support
FAQs
Can't find an answer? Chat with us on Discord, Twitter or Linkedin.
What is Cyfrin CodeHawks?
What is a competitive audit?
How can I host a competition on CodeHawks?
How is a contest prize pool determined?
How do I get rewarded?
What is a First Flight?
Give us feedback!
